Shulou(Shulou.com)06/02 Report--

Logs are important when troubleshooting files, because programs running on Linux systems usually write system messages and error messages to the corresponding system log. If there is a problem, the user can quickly locate and solve the fault by checking the log, so learning to view the log file is also a very important operation in daily maintenance.

Three types of Linux system logs

1. Kernel and system log. This kind of log data is uniformly managed by the system service rsyslog and decides where to log kernel messages and various system program messages according to the settings in its main configuration file / etc/rsyslog.conf. A considerable number of programs in the system will hand over log files to rsyslog management, so the log records used by these programs have a similar format.

2. User log. This kind of log data is used to record the relevant information of Linux operating system users logging in and logging out of the system, including user name, login terminal, login time, source host, process operation in use and so on.

3. Program log. Some applications will choose to manage a log file independently, which will be used to record all kinds of event information during the running of the program, rather than handing it over to rsyslog service management. Because these programs are only responsible for managing their own log files, the logging formats used by different programs may vary greatly.

Linux system user log related commands

Users#

The users command simply prints the name of the user currently logged in, with each displayed user name corresponding to a login session. If a user has more than one login session, his user name will be displayed the same number of times.

Who#

The who command is used to report information for each user currently logged into the system. Using this command, the system administrator can see which illegal users exist in the current system and audit and deal with them. The default output of who includes user name, terminal type, login date, and remote host.

W#

The W command is used to display each user in the current system and the process information they are running, which is a little richer than the output of the users and who commands.

Last#

The last command is used to query the user records that successfully logged in to the system, with the most recent login displayed at the top. Through the last command, you can timely grasp the login situation of the Linux host. If you find that an unauthorized user has logged in, it means that the current host may have been invaded.

Lastb#

The lastb command is used to query the records of users who failed to log in, such as incorrect user names and incorrect passwords. Login failure is a security event because it indicates that someone may be trying to guess your password.

Common commands for viewing logs

Tail:

-n is the display line number; equivalent to the nl command; examples are as follows:

Tail-100f test.log real-time monitoring 100 lines of logs

Tail-n 10 test.log query the log of the last 10 lines at the end of the log

Tail-n + 10 test.log query all logs after 10 lines

Head:

In contrast to tail, tail refers to the number of lines of log after reading, while head refers to the number of lines of the first line of the log file. The example is as follows:

Head-n 10 test.log query the first 10 lines of logs in the log file

Head-n-10 test.log query log file all logs except the last 10 lines

Cat:

Tac is viewed in reverse order, which is the reverse of cat words. Examples are as follows:

Cat-n test.log | grep "debug" query keyword log (commonly used! ~)

Vim:

1. Enter vim editing mode: vim filename

2. Enter "/ keyword" and press enter key to find it.

3. Find the next one and press "n".

Exit: when you press the ESC key and then enter the: sign, vi will wait for us to enter a command at the bottom of the screen

Wq! Save exit

Q! Do not save exit

Today, with the vigorous development of cloud computing, instead of sitting idle at home, it is better to start learning immediately, and whether we can seize the opportunity when the opportunity explodes depends on whether we are ready and strong enough. So, from now on, Qianfeng 900G+ video tutorials are free! Just leave a message below. I hope it can help you grow up in the "adversity" and start the new year calmly.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.